FreeBSD Manual Pages
guestlist(5)		       Doorman & Knocker		  guestlist(5)

       guestlist - The secondary doormand configuration file

       The doorman daemon doormand requires a list of permitted "guests", or
       groups.  There must be one record per group, with its fields in the
       following order:

       <groupname> <secret> <port1> <port2> .. <address1> <address2> ..

       Records may span multiple lines.  The groupname MUST begin on the first
       character of a line.  Continuation lines MUST be preceded by at least
       one character of whitespace (tabs or spaces).  Tabs and space characters
       may be freely used in any order.

       Any part of a line following a '#' character is ignored, and may be
       used as a comment.  Blank lines are ignored.

       This file MUST be readable and writable by root only.

       groupname - The name which is sent by a knock client to identify itself.
           Group names may be up to 32 characters in length.  Both group names
           and secrets may contain any alphanumeric character, as well as the
           characters:  !@#$%^&*()_-+=|{};:'"<>,?/

           Note that whitespace and the "." character (period, or decimal
           point) are not permitted.

       secret - an authenticating password.  This is sent by the client as an
           MD5 hash salted with the client's IP address and the rounded sec-

           Secrets may be up to 64 characters in length, and use the same
           character set as group names.  (Remember: -no- periods!)

           The existence of this secret in plaintext on both the client and
           server machines is the reason this file, and the client's
           ~/.knockcf file, must be readable only by their users.  Under NO
           circumstances should it correspond to anything in any 'passwd' file.

       port1 port2 .. - a whitespace-delimited list of the ports to which the
           group may connect.  A port may be specified as a number or a service
           name; that is, "22" and "ssh" are equivalent.  Service names are
           case sensitive.

       address1 address2 .. - a whitespace-delimited list of IP addresses or
           hostnames from which the group may connect.  Addresses may be
           unique, or expressed as ranges by means of an "/nbits" modifier.
           Using a hostname to specify a range is permitted.  There must be no
           whitespace before or after the "/" character.

       An example record:
       group187  b1g%Hairy_[seCret}!                  # groupname & secret
                 ssh 23                               # allowed ports
                                                      # allowed addresses
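       As an added example (not code from the Doorman distribution), the Python
       below parses and validates a guestlist file under the rules above:
       continuation lines, '#' comments, the 32/64-character limits and
       character set, numeric or service-name ports, and "/nbits" address
       ranges.  Since the page does not say how doormand tells ports from
       addresses, it assumes the first token that is neither a number nor a
       known service name begins the address list; the SAMPLE file and the
       IPv4-only "/nbits" bound are constructed for this illustration.

```python
import re
import socket

# guestlist(5) character set for names and secrets: alphanumerics plus
# !@#$%^&*()_-+=|{};:'"<>,?/  (no whitespace, no '.').  SAMPLE is constructed.
TOKEN_RE = re.compile(r"""^[A-Za-z0-9!@#$%^&*()_\-+=|{};:'"<>,?/]+$""")
SAMPLE = """\
ops      s3cr3t!{x}      # groupname & secret
         ssh 23          # allowed ports
         192.168.7.0/24 admin.example.net   # allowed addresses
backup   Pa55word  873  10.0.0.5
"""

def split_records(text):
    """Join continuation lines (leading whitespace) onto the record begun at column 0."""
    records = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()       # drop comments
        if not line.strip():
            continue                               # skip blank lines
        if line[0] not in " \t":
            records.append(line.strip())           # new record at column 0
        elif records:
            records[-1] += " " + line.strip()      # continuation line
        else:
            raise ValueError("continuation line before any record")
    return records

def parse_record(record, getserv=socket.getservbyname):
    """Return (name, secret, ports, addresses) or raise ValueError.  Assumed, not
    stated by the man page: the first non-port token starts the address list."""
    name, secret, *rest = record.split()           # ValueError if fewer than 2 fields
    for label, value, limit in (("group name", name, 32), ("secret", secret, 64)):
        if len(value) > limit or not TOKEN_RE.match(value):
            raise ValueError(f"bad {label} in record for {name!r}")
    ports, addrs = [], []
    for tok in rest:
        if not addrs:
            try:                                   # service names are case sensitive
                ports.append(int(tok) if tok.isdigit() else getserv(tok))
                continue
            except (KeyError, OSError):
                pass
        host, _, bits = tok.partition("/")         # optional "/nbits" range (IPv4 assumed)
        if (bits and not (bits.isdigit() and int(bits) <= 32)) or not re.fullmatch(r"[A-Za-z0-9.-]+", host):
            raise ValueError(f"bad address {tok!r} in group {name!r}")
        addrs.append(tok)
    if not ports or not addrs:
        raise ValueError(f"group {name!r} needs at least one port and one address")
    return name, secret, ports, addrs
```

       Running every record from split_records() through parse_record() before
       restarting doormand catches the mistakes the page warns about (a period
       in a secret, whitespace around "/") at edit time rather than at the
       first failed knock.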

       knock(1), knockcf(5), doormand(8)

       doormand and knock are an implementation of an original idea by
       Martin Krzywinski.  See his site at

       Copyright (c) 2003-2005,	J.B.Ward

Doorman, V0.81			 Aug 14, 2005
